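0x00 Vulnerabilities

1. Three significant bugs that the author found and fixed; they were sitting in the open, just waiting for someone to notice them
https://randomascii.wordpress.com/2020/08/30/the-easy-ones-three-bugs-hiding-in-the-open/

2. An HTTP Request Smuggling vulnerability, present in both Slack and Zomato, that leads to account takeover
https://www.youtube.com/watch?v=gzM4wWA7RFo&feature=youtu.be

3. Escalating privileges in AWS Elastic Kubernetes Service (EKS) by compromising the instance role of worker nodes
https://blog.christophetd.fr/privilege-escalation-in-aws-elastic-kubernetes-service-eks-by-compromising-the-instance-role-of-worker-nodes/

4. Cisco IOS XR Software DVMRP memory exhaustion vulnerabilities (CVE-2020-3566/CVE-2020-3569)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz

0x01 Malware

1. Analysis of a network attack in which the attacker went from logging in via RDP to deploying NetWalker ransomware on all domain hosts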
………………………………